#
# MiaB-LDAP's directory schema for Time-based one time passwords (TOTP)
#
# MiaB LDAP UUID(v4): 7392cdda-5ec8-431f-9936-0000273c0167
#                 or: 1939000794.24264.17183.39222.658243943
#

objectIdentifier MiabLDAProot 2.25.1939000794.24264.17183.39222.658243943

objectIdentifier MiabLDAPmfa MiabLDAProot:1
objectIdentifier MiabLDAPmfaAttributeType MiabLDAPmfa:3
objectIdentifier MiabLDAPmfaObjectClass MiabLDAPmfa:4

# secret consists of base32 characters (see RFC 4648)
attributetype ( MiabLDAPmfaAttributeType:1
	DESC 'TOTP secret'
	NAME 'totpSecret'
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
	EQUALITY caseExactIA5Match )

# tokens are a base-10 string of N digits, but set the syntax to
# IA5String anyway
attributetype ( MiabLDAPmfaAttributeType:2
	DESC 'TOTP last token used'
	NAME 'totpMruToken'
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
	EQUALITY caseExactIA5Match )

objectClass ( MiabLDAPmfaObjectClass:3
	NAME 'totpUser'
	DESC 'MiaB-LDAP User TOTP settings'
	SUP top
	AUXILIARY
	MUST ( totpSecret )
	MAY ( totpMruToken ) )